US7092525B2 - Cryptographic system with enhanced encryption function and cipher key for data encryption standard
 Publication number: US7092525B2 (application US09/838,123)
 Authority: US (United States)
 Prior art keywords: des, permutation, cryptographic, key, improved
 Legal status: Expired - Fee Related
Classifications
 H—ELECTRICITY; H04—ELECTRIC COMMUNICATION TECHNIQUE; H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
 H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communication
 H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communication the encryption apparatus using shift registers or memories for blockwise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
 H04L9/0618—Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
 H04L9/0625—Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation with splitting of the data block into left and right halves, e.g. Feistel based algorithms, DES, FEAL, IDEA or KASUMI
 H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
 H04L2209/08—Randomization, e.g. dummy operations or using noise
 H04L2209/12—Details relating to cryptographic hardware or logic circuitry
 H04L2209/24—Key scheduling, i.e. generating round keys or subkeys for block encryption
Abstract
Description
Priority is hereby claimed for the Applicants' Provisional U.S. Ser. No. 60/198,575 filed on Apr. 20, 2000.
1. Field of the Invention
The present invention is generally directed to data encryption or cryptography, and more specifically, to an improved Data Encryption Standard (DES) cryptographic system for cryptographic protection of data through modifications to the cipher function and cipher key as specified in the DES.
2. Description of the Related Art
The introduction of a high grade cryptographic system to the public domain marked the commencement of serious widespread public research in the field of cryptography. The DES as promulgated by the U.S. government in FIPS PUB 46 on Jan. 15, 1977 is perhaps the most widely analyzed cryptographic system in history and has stood well against many and varied attacks. The DES has been widely employed and has served as a model for development of many other cryptographic algorithms. U.S. Pat. No. 3,962,539 issued on Jun. 8, 1976 to Ehrsam, et al. describes the basic DES device and process and is incorporated herein in its entirety by this cross reference.
The traditional DES is a block cipher, which acts on independent fixed-length plaintext input blocks and yields fixed-length output blocks. That is, the DES encryption process maps 64-bit plaintext input blocks into 64-bit ciphertext output blocks. There are 2^56 (i.e. about 10^16.8) mappings, where each mapping selected by a 56-bit keying variable is unique and invertible. The DES decryption is the reverse of the encryption mapping, and requires knowledge of the specific keying variable used in the encryption process.
The use of the DES as a cryptographic system is built around its most basic mode, which is known as the Electronic Code Book (ECB) mode. Other modes of DES, such as Cipher Block Chaining (CBC), Cipher Feedback (CFB) and Output Feedback (OFB), are described in the Federal Information Processing Standards Publication (FIPS PUB) number 81. In the ECB mode, a 64-bit plaintext word is converted to a 64-bit ciphertext word. This conversion is one-to-one, and the reverse mapping is selectable. This conversion is also done under the control of a 56-bit keying variable. The keying variable for the DES is generally given as 64 bits, with the convention of using 8 bits as odd parity bits.
The alternative modes of using the DES given in FIPS PUB 81, DES Modes of Operation, are the Cipher Block Chaining (CBC) mode, the Cipher Feedback (CFB) mode, and the Output Feedback (OFB) mode. ECB is a direct application of the DES algorithm to encrypt and decrypt data; CBC is an enhanced mode of ECB which chains together blocks of cipher text; CFB uses previously generated cipher text as input to the DES to generate pseudorandom outputs which are combined with the plaintext to produce cipher, thereby chaining together the resulting cipher; OFB is identical to CFB except that the previous output of the DES is used as input in OFB while the previous cipher is used as input in CFB. OFB does not chain the cipher.
With the inexorable advance in available worldwide computer power, coupled with the existing fame of the DES algorithm, it was inevitable that the DES algorithm would continue to draw attention and challenges as to its sufficiency in protecting data at the highest level. In particular, challenges have been mounted through parallel exhaustive attack and so-called special attacks in which one seeks to find a path to a solution that is computationally less than that of simple exhaustion.
There are two important publications with respect to cryptanalysis of the DES cryptoprinciple. The publications represent two very powerful and distinct cryptanalytic approaches. Neither approach was initially successful at defeating the DES, but both approaches deserve consideration as genres of potent cryptanalysis. The first of these was reported in the paper “Exhaustive Cryptanalysis of the NBS Data Encryption Standard” by W. Diffie and M. Hellman (Computer, June 1977, pp. 74–84). This paper discussed the construction of a large parallel processor in which the entire 56-bit keying variable space was partitioned over a very large number of identical independent processors. The paper also advanced the argument that declining computation costs would eventually reduce the cost of a solution to a nominal sum.
This type of attack can be countered, of course, by increasing the size of the keying variable and it would not require a variable of much larger size than the 56bit variable to effectively frustrate this approach.
The second attack is detailed in a lengthy paper entitled “Differential Cryptanalysis of DES-like Cryptosystems” by E. Biham and A. Shamir (The Weizmann Institute of Science/Department of Applied Mathematics, Jun. 18, 1990). This paper is a seminal work in academic cryptography. It introduces a new statistical cryptanalytic method termed Differential Cryptanalysis that the authors described as “a method which analyses the effect of particular differences in plaintext pairs on the differences of the resultant ciphertext pairs.” These differences can be used to assign probabilities to the possible keys and to locate the most probable key.
Biham and Shamir use the DES as an example for their new cryptanalytic method. They characterize the DES as an iterated crypto system in that it realizes a strong cryptographic function by iterating a weaker function many times. Their attack is based on Boolean differencing in which the structure of the DES appears to be an ideal candidate for this type of cryptanalysis.
When applied to the DES, their attack would have beaten exhaustion if the DES had used less than 16 rounds of iteration. In particular, the following points were observed:

 (1) modification of the key scheduling algorithm cannot make the DES much stronger;
 (2) the attacks on DES with 9–16 rounds are not influenced by the P permutation, and the replacement of the P permutation by any other fixed permutation or function cannot make them less successful;
 (3) replacement of the order of the S-boxes without changing their values can make the DES weaker;
 (4) replacement of the XOR operation by the more complex addition operation makes the DES much weaker; and
 (5) the DES with randomly chosen S-boxes is very easy to break. Even a change of one entry in one S-box can make the DES easier to break.
The initial differential cryptanalytic technique was shown successful against a DES with fewer than 16 rounds because the statistical characteristics of the Boolean function combining can be easily discovered and tests built around these statistics.
Further work related to differential cryptanalysis encompasses so-called linear cryptanalysis (“Linear Cryptanalysis Method for DES Cipher,” Mitsuru Matsui, Abstracts of EUROCRYPT'93, pp. W112–123) and statistical attacks by Davies and others. Biham and Shamir published an improvement of one of these attacks in “An Improvement of Davies' Attack on DES,” EUROCRYPT '94, pp. 461–467. In this paper they reported breaking the full 16-round DES faster than exhaustive search. The statistical attack requires a larger volume of known plaintext-ciphertext pairs.
What the various cryptographic attacks and the increase in computer power available to exhaust (i.e. try all possible values of) the 56-bit key of single DES have done is cause the U.S. Government to recommend using TDEA, or Triple DES. TDEA basically uses the 16 rounds of the single DES engine three times with different cryptographic keys to provide increased security. The penalty that is paid for the TDEA is a threefold increase in running time over the single DES.
As noted in FIPS PUB 46-3 of Oct. 25, 1999: “With regard to the use of single DES, exhaustion of the DES (i.e. breaking a DES encrypted ciphertext by trying all possible keys) has become increasingly more feasible with technology advances. Following a recent hardware based DES key exhaustion attack, NIST can no longer support the use of single DES for many applications. Therefore, Government agencies with legacy systems are encouraged to transition to Triple DES. Agencies are advised to implement Triple DES when building new systems.”
Also from FIPS PUB 46-3: “DES forms the basis for TDEA (Triple Data Encryption Algorithm or Triple DES).” “The X9.52 standard, ‘Triple Data Encryption Algorithm Modes of Operation’, describes seven different modes for using TDEA (Triple Data Encryption Algorithm or Triple DES) described in this standard. These seven modes are called the TDEA Electronic Codebook Mode of Operation (TECB) mode, the TDEA Cipher Block Chaining Mode of Operation (TCBC), the TDEA Cipher Block Chaining Mode of Operation—Interleaved (TCBC-I), the TDEA Cipher Feedback Mode of Operation (TCFB), the TDEA Cipher Feedback Mode of Operation—Pipelined (TCFB-P), the TDEA Output Feedback Mode of Operation (TOFB), and the TDEA Output Feedback Mode of Operation—Interleaved (TOFB-I). The TECB, TCBC, TCFB and TOFB modes are based upon the ECB, CBC, CFB and OFB modes respectively, obtained by substituting the DES encryption/decryption operation with the TDEA encryption/decryption operation.”
A DES key consists of 64 binary digits (“0”s or “1”s) of which 56 bits are randomly generated and used directly by the algorithm. The other 8 bits, which are not used by the algorithm, may be used for error detection. The 8 error detection bits are set to make the parity of each 8-bit byte of the key odd, i.e., there is an odd number of “1”s in each 8-bit byte. A TDEA key consists of three DES keys, which is also referred to as a key bundle. Authorized users of encrypted computer data must have the key that was used to encipher the data in order to decrypt it. The encryption algorithms specified in this standard (i.e. FIPS 46-3) are commonly known among those using the standard.
This standard became effective July 1977. It was reaffirmed in 1983, 1988, 1993, and 1999. It applies to all Federal agencies, contractors of Federal agencies, or other organizations that process information (using a computer or telecommunications system) on behalf of the Federal Government to accomplish a Federal function. Each Federal agency or department may issue internal directives for the use of this standard by their operating units based on their data security requirement determinations.
With this modification of the FIPS 46-2 standard (i.e. FIPS 46-3):
 1. Triple DES (i.e., TDEA), as specified in ANSI X9.52 will be recognized as a FIPS approved algorithm.
 2. Triple DES will be the FIPS approved symmetric encryption algorithm of choice.
 3. Single DES (i.e., DES) will be permitted for legacy systems only. New procurements to support legacy systems should, where feasible, use Triple DES products running in the single DES configuration.
The present invention has been accomplished in view of the above circumstances, and it is an object of the present invention to provide an enhanced DES cryptographic system having an enhanced DES device and process to strengthen the cryptanalytic resistive structure of the DES.
It is another object of the present invention to provide an enhanced DES cryptographic system which may be made compatible with existing DES fielded systems and circuits.
It is still another object of the present invention to provide an enhanced DES cryptographic system which can operate at high speed without high electronic or software complexity or cost.
To achieve the above objects, applicants' enhanced DES cryptographic device, system, and process of the present invention improves on the traditional DES by allowing for multiple levels of increased security and longer key lengths while retaining fundamental elements of the traditional DES. This increased security is likely stronger than TDEA or Triple DES, yet because it uses a structure similar to the single DES structure it runs in the time and at the speed of single DES, and hence avoids the threefold run time penalty of TDEA.
The enhanced DES cryptographic system of the present invention uses modifications to improve on the conventional DES which allow for increased levels of security for each of the four single DES modes (i.e., ECB, CBC, CFB and OFB) while incorporating a form that may be made compatible with the traditional 56-bit DES/DEA algorithm. DEA (Data Encryption Algorithm) is the term used by ANSI and the international community to identify DES. Similarly, the enhanced DES cryptographic system and process of the present invention can improve on the TDEA by allowing for increased levels of security for each of the seven modes using the enhanced DES system as a basis while incorporating forms that are compatible with the traditional seven TDEA modes called the TDEA Electronic Codebook Mode of Operation (TECB) mode, the TDEA Cipher Block Chaining Mode of Operation (TCBC), the TDEA Cipher Block Chaining Mode of Operation—Interleaved (TCBC-I), the TDEA Cipher Feedback Mode of Operation (TCFB), the TDEA Cipher Feedback Mode of Operation—Pipelined (TCFB-P), the TDEA Output Feedback Mode of Operation (TOFB), and the TDEA Output Feedback Mode of Operation—Interleaved (TOFB-I). The enhanced algorithm modifies the fixed permutation P of the classic DES algorithm that is applied after the S-boxes while preserving its character of a one-to-one mapping. One of the preferred embodiments utilizes a logical array of binary switches in a structured class of networks (e.g. Omega networks or Benes-Waksman networks) so as to construct permutations which can vary. Depending upon the particular network implemented, a related fixed permutation may be computed so that when the binary switches are all set to a default condition, the permutation created by the network, when followed by the related fixed permutation, is equivalent to the fixed permutation of the conventional DES.
This is a means used to create the feature of “backward compatibility” with the traditional single DES or the traditional modes of TDEA. These variable permutations can be based upon elements of the cryptographic key (i.e. cryptovariable), or can depend on additional elements such as an encipherment counter, a frame counter or some permanently fixed bits. There are many logically equivalent ways to implement the variable permutation, all of which are compatible as long as the logical structure is maintained. As long as the permutation is kept secret and not known by unauthorized parties, it may be varied less frequently than the life of the 56-bit cryptographic key of the single DES; it can be changed at the beginning of a cryptoperiod and left unchanged until the next cryptoperiod; or it can be varied within the cryptoperiod based upon one or a combination of the following factors: additional bits from a cryptographic key, a clock or counter, a specified number of output bits from the encryption engine after every set of 16 rounds of the engine, or, within the engine's operating cycle, at each separate “round” of the engine. Of course, these additional elements must also be known by the “decrypt” engine.
It is well known to persons skilled in the art that various cryptographic devices can be used to generate bit streams and vectors for cryptographic purposes other than message encryption and decryption, such as symmetric keys for other cryptographic devices or initialization vectors. Some schemes use randomizers or noise diodes which produce non-deterministic outputs that can be used for cryptographic keys and/or starting settings or initialization vectors for cryptographic devices. In these types of applications it is neither necessary nor desirable to communicate the initial settings, cipher keys and randomizer bits of the cipher machine used as this type of bit stream generator to any other cipher machine. In the applicants' enhanced device a preferred method of utilizing such randomizer output bits is in the generation of the P* permutation, where the randomizer bits are used directly or indirectly (e.g. setting a maximal length LFSR) for beta elements in an Omega network and also in determining when to replace the P* permutation with another P*. One of the traditional concerns has been that a biased (i.e. not exactly 50% ones and 50% zeros) randomizer, when used for the initialization of a cipher device, may cause biased or partially predictable outputs. The same concern occurs when the randomizer is used to directly produce cryptographic keys used by a cryptographic device to generate so-called random output. Using the non-deterministic output of a randomizer to generate and/or replace the P* permutation provides additional assurance against any such biased or partially predictable output from the enhanced device of the present invention.
Related aspects and advantages of the invention will become apparent and more readily appreciated from the following detailed description of the invention, taken in conjunction with the accompanying drawings.
The present invention will now be described by way of preferred embodiments with references to the accompanying drawings. Like numerals refer to corresponding parts of various drawings.
The particular enhancements described will be to the mode known as the Electronic Codebook (ECB) mode of single DES. It is obvious to someone skilled in the art that the enhancements of the present invention also apply to the other modes and their variations and also to the various modes of TDEA.
The present invention utilizes the basic structure of DES with a modification to the fixed permutation applied after the S-boxes in the f function of traditional DES. Said modification enables the permutation P* 136 applied after the S-boxes 170 to be varied under control of some of the bits of the cryptographic key 134. The present invention utilizes cryptographic key bits for three purposes. The first purpose is to furnish the 56 bits (excluding the 8 bits of parity) 138 used to create the 64 bits (including the 8 bits of parity) 166 that traditional DES uses to compute the elements of the so-called key schedule (118_1 ... 118_16). The second purpose is to supply cryptographic key bits 142 that are used to control the generation and replacement of the variable P* permutation 136. The third purpose is to provide a privacy means 150 such that encipherment of a data block 110 and decipherment of a cipher block 132 can be accomplished in private by using a secret mask 150 which determines which subset of cryptographic key bits 138 selected from the cryptographic key 134 are used for the DES key schedule 168 and which subset of the remaining cryptographic key bits 142 are used for the control and generation of the variable P* permutation 136.
An enhanced DES method according to the present invention is designed to encipher and decipher blocks of data consisting of, e.g., 64 bits under control of a cryptographic key. The length of the cryptographic key may vary, but in our preferred embodiment it is at least 128 bits, of which 56 bits 138 are used to create a 64-bit subkey with parity 166 for the traditional DES key schedule 168 shown in
The steps for carrying out data encryption using the enhanced DES method according to the present invention are shown in
In particular, the output in each sub round is L_n 152 and R_n 154, given by:
 L_n = R_{n-1}
 R_n = L_{n-1} ⊕ f(R_{n-1}, K_n)
where ⊕ indicates bit-by-bit modulo-2 addition.
The output at the end of 16 rounds consists of a pre-output which is the concatenation of R_16 126 and L_16 128. Subsequently, after an inverse initial permutation in step 130, an output block of 64 bits 132 is produced.
The 32 bits 174 resulting from application of P* are further permuted by a fixed one-to-one permutation P′ 184, resulting in 32 output bits 176. The P′ permutation would normally be calculated at the time of designing the embodiment, and is calculated so that when the beta elements of the FPGA 136 are all set to a particular default condition, which in our preferred embodiment is all zeros, the network followed by the fixed P′ permutation 184 is equivalent to the fixed and defined P permutation of the traditional DES. This is the feature that enables the present invention to have a mode that is compatible with the traditional DES. Note that the above referenced P permutation is identified in U.S. Pat. No. 3,962,539 as 600 and its values are specified on page 15 of FIPS 46-3 as permutation function P.
The operation of the process needed to select from the SuperKey 134 the DES engine subkey 138 and the subkey 142 used to generate and/or replace P* is controlled by a control module 200. This module may also be used to control bits from a randomizer 208 when the system is in the mode of generating non-reproducible and non-predictable output (i.e. unable to be decrypted or replicated by another party with the same device and settings) for use such as in generating cryptographic keys or wherever non-deterministic or difficult-to-predict information is required.
The following is an example of an application of the privacy feature of the preferred embodiment of the present invention. Two users of an instant messaging application over the internet each have an identical implementation of the applicants' improved invention. A cipher key (e.g. 128 bits) 134 is securely supplied to each user by the messaging system. This enables the users to encrypt and decrypt messages to each other using the identical cipher key. However, depending upon the architecture and implementation of the cipher key generation and distribution system the messaging system operator may be able to hold a copy of the cipher key 134 allowing unauthorized reading of the messages sent between users. The users may wish to achieve additional privacy to protect against this unauthorized reading of messages. This can be accomplished using the present invention as follows.
First the users agree upon a secondary cipher key using a channel independent from that of the messaging service. This secondary cipher key could be another 128-bit cipher key or a mutually agreed upon pass phrase of enough length that it can be converted by a means such as ASCII representation into a binary mask 150 of 56 ones, which is used to select 56 bits of subkey 138 from the original cipher key 134. The bits in the original cipher key positions corresponding to the positions of the 56 ones in the mask become the ordered 56 bits of the subkey 138. The remaining ordered 72 bits of the original cipher key are used to preset a portion of an M-sequence LFSR 144 which generates bits for changing P*. The result is that the two users have now used the identical initial cipher key but each has modified it in the same unique way. This modification is as secure as the independent channel used to communicate the secondary cipher key and the means of selecting the secondary cipher key or pass phrase. If this secondary cipher key is in fact securely communicated between the two users, then the users are protected against the possibility of the messaging service operator using a copy of the original cipher key in an unauthorized manner to read the messages between the two users. The situation of the messaging service operator providing pathological cipher keys such as all zeros or all ones can be checked for by the users' application.
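The key-split privacy feature described above, as an added example that is not the patent's own code. The page says only that the pass phrase is turned "by a means such as ASCII representation" into a mask of 56 ones, so the mask derivation below (ranking key-bit positions by phrase bytes) is a hypothetical stand-in; SAMPLE_KEY and FIXED8 are constructed values. The example splits a 128-bit cipher key into the 56-bit DES subkey and the 72 remaining bits, expands the subkey to the 64-bit odd-parity form the standard expects, and includes the all-zeros/all-ones check the description says the application should perform.

```python
"""Key-split privacy feature of the enhanced DES (added example, not the patent's code).

A 128-bit cipher key 134 is split by a secret mask 150 containing exactly 56
ones into the 56-bit DES subkey 138 and the 72 remaining bits 142 that drive
the variable permutation P*. Both users derive the same mask from a pass
phrase agreed over an independent channel, so the messaging operator, who may
hold the original key, does not know which bits feed the DES key schedule.
"""
from typing import List, Tuple

KEY_BITS = 128
SUBKEY_BITS = 56
REMAINING_BITS = KEY_BITS - SUBKEY_BITS      # 72 bits left for P* control
FIXED8 = [0] * 8                             # constructed: 8 fixed beta settings (72 + 8 = 80 controls)
SAMPLE_KEY = bytes(range(1, 17))             # constructed 128-bit cipher key; any 16 bytes would do


def bits_from_bytes(data: bytes) -> List[int]:
    """MSB-first bit list of a byte string."""
    return [(byte >> (7 - i)) & 1 for byte in data for i in range(8)]


def mask_from_passphrase(phrase: str) -> List[int]:
    """Hypothetical mask derivation (assumption, not the page's method).

    Each of the 128 key-bit positions is scored by a byte of the phrase's
    ASCII representation (cycled); the 56 lowest-scoring positions, ties
    broken by position, become the ones of the mask. Any derivation works as
    long as both users compute the same mask.
    """
    ascii_bytes = phrase.encode("ascii")
    if not ascii_bytes:
        raise ValueError("pass phrase must not be empty")
    ranked = sorted(range(KEY_BITS),
                    key=lambda i: (ascii_bytes[i % len(ascii_bytes)], i))
    mask = [0] * KEY_BITS
    for pos in ranked[:SUBKEY_BITS]:
        mask[pos] = 1
    return mask


def split_key(key: bytes, mask: List[int]) -> Tuple[List[int], List[int]]:
    """Select the ordered 56 subkey bits where the mask is 1; the other 72 bits stay ordered too."""
    if len(key) * 8 != KEY_BITS or len(mask) != KEY_BITS or sum(mask) != SUBKEY_BITS:
        raise ValueError("need a 128-bit key and a 128-position mask with exactly 56 ones")
    key_bits = bits_from_bytes(key)
    subkey = [b for b, m in zip(key_bits, mask) if m]
    remaining = [b for b, m in zip(key_bits, mask) if not m]
    return subkey, remaining


def add_odd_parity(subkey56: List[int]) -> List[int]:
    """Expand 56 key bits to the 64-bit DES key form: every byte gets an odd-parity bit."""
    key64: List[int] = []
    for i in range(0, SUBKEY_BITS, 7):
        chunk = subkey56[i:i + 7]
        key64.extend(chunk)
        key64.append(1 - (sum(chunk) & 1))   # makes the number of ones in the byte odd
    return key64


def is_pathological(key: bytes) -> bool:
    """All-zeros or all-ones cipher keys, which the users' application should reject."""
    return all(b == 0x00 for b in key) or all(b == 0xFF for b in key)


def control_bits(remaining72: List[int], fixed8: List[int]) -> List[int]:
    """The 80 one-bit beta controls: 72 key-derived bits plus 8 fixed bits."""
    return list(remaining72) + list(fixed8)


if __name__ == "__main__":
    mask = mask_from_passphrase("correct horse battery staple")
    sub56, rest72 = split_key(SAMPLE_KEY, mask)
    print("pathological key:", is_pathological(SAMPLE_KEY))
    print("64-bit DES key:", "".join(map(str, add_odd_parity(sub56))))
    print("P* controls:", len(control_bits(rest72, FIXED8)))
```

Both users run the same derivation on the same original key and pass phrase and therefore obtain identical subkeys and P* controls; the `split_key` length checks guard against a mask with the wrong number of ones, which would silently shift every subsequent bit.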
The heart of the cryptosecurity of the applicants' improved DES system resides in the f function 120 as shown in
The 32 bits 148 that result from this substitution step 170 are permuted in step 136 using a dynamic permutation process (DPP) 136 as shown in
The dynamic permutation process (DPP) 136 using a five-stage Omega network is shown in
The five stage Omega network as shown in
The Omega network cascaded with the fixed permutation as shown in
The preferred embodiment described herein utilizes a Field Programmable Gate Array (FPGA) 136, which is a device performing the function of a custom electronic digital logic circuit but is user-programmable and even reprogrammable in the system. The device typically has the capability to implement combinatorial logic in small lookup tables such that each table either feeds the input of a flip-flop, drives other logic, or connects to input or output blocks. There are many configurations of FPGAs, and various devices are designed for special properties such as high speed or low power. Advantages of FPGAs are a much faster time from design to implementation and much cheaper implementation costs for smaller numbers of systems. If very large volumes of a device are to be produced, then it may be cheaper to implement the logic in a custom large scale integrated digital circuit.
For each round of the encryption process, the permutation in each f function can be varied, and the variation need not be cyclic after sixteen rounds but can be non-repeating throughout an encryption. Additionally, the variation in the permutation can also be a function of the extended keying variable.
The interconnection of beta switch elements as shown in
Since the Omega network as shown in
The number of bits from the cryptographic keying variable and the number of bits from the sources described above would need to sum to 80, as this is the number of one-bit controls needed to set the 5-level, 32-input Omega network. A standard key length is 128 bits, so in the present invention a preferred embodiment would use 56 bits for the traditional DES key schedule and the remaining 72 bits as control bits for 72 beta elements. The additional 8 bits needed to completely define the 80-element Omega network in this example could be fixed for a particular implementation or use, or could be variable within a cryptoperiod or from cryptoperiod to cryptoperiod.
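The variable permutation P* as a five-stage Omega network of beta switches, followed by the fixed permutation P′ that restores the standard DES P permutation in the default switch setting, as an added example that is not the patent's own code. It assumes the usual Omega wiring (a perfect shuffle of the 32 lines before each column of 16 two-input switches, giving the 80 one-bit controls the description counts) and the "all zeros" default the description names; the P table is the public FIPS 46-3 permutation function P. The example derives P′ generically from the default-setting network, checks that the cascade equals DES P in that setting, and checks that every other setting still yields a one-to-one mapping.

```python
"""P* as a 5-stage Omega network plus fixed P' (added example, not the patent's code).

Permutations are lists `perm` with out[i] = in[perm[i]].
"""
from typing import List, Sequence
import random

N = 32                          # width of the f-function output permuted by P
STAGES = 5                      # log2(32) switch columns
SWITCHES = N // 2               # 16 beta elements per column
CONTROLS = STAGES * SWITCHES    # 80 one-bit controls, as the description states

# FIPS 46-3 permutation function P (1-indexed): output bit i is input bit P[i-1].
DES_P = [16, 7, 20, 21, 29, 12, 28, 17, 1, 15, 23, 26, 5, 18, 31, 10,
         2, 8, 24, 14, 32, 27, 3, 9, 19, 13, 30, 6, 22, 11, 4, 25]
DES_P0 = [p - 1 for p in DES_P]  # same table, 0-indexed


def perfect_shuffle(i: int) -> int:
    """Omega inter-stage wiring (assumed): line i moves to index rotl(i) on 5 bits."""
    return ((i << 1) | (i >> 4)) & (N - 1)


def omega(items: Sequence, controls: Sequence[int]) -> list:
    """Pass 32 items through the network; control bit k sets beta element k to 'cross'."""
    if len(items) != N or len(controls) != CONTROLS:
        raise ValueError("need 32 inputs and 80 control bits")
    x = list(items)
    for s in range(STAGES):
        y: list = [None] * N
        for i in range(N):                     # perfect shuffle before the switch column
            y[perfect_shuffle(i)] = x[i]
        for j in range(SWITCHES):              # beta element j of stage s acts on lines 2j, 2j+1
            if controls[s * SWITCHES + j]:
                y[2 * j], y[2 * j + 1] = y[2 * j + 1], y[2 * j]
        x = y
    return x


def permutation_of(controls: Sequence[int]) -> List[int]:
    """The permutation realised by the network under these controls (out[i] = in[perm[i]])."""
    return omega(list(range(N)), controls)


def is_bijection(perm: Sequence[int]) -> bool:
    return sorted(perm) == list(range(N))


def apply_perm(bits: Sequence[int], perm: Sequence[int]) -> List[int]:
    return [bits[perm[i]] for i in range(N)]


def derive_p_prime(default_controls: Sequence[int] = None) -> List[int]:
    """Fixed P' such that P'(Omega_default(x)) == P_DES(x) for every x.

    With out[i] = in[omega0[P'[i]]] required to equal in[DES_P0[i]], we need
    P'[i] = omega0^{-1}[DES_P0[i]].
    """
    if default_controls is None:
        default_controls = [0] * CONTROLS   # the preferred embodiment's all-zeros default
    omega0 = permutation_of(default_controls)
    inverse = [0] * N
    for k, v in enumerate(omega0):
        inverse[v] = k
    return [inverse[DES_P0[i]] for i in range(N)]


def p_star_then_p_prime(bits: Sequence[int], controls: Sequence[int], p_prime: Sequence[int]) -> List[int]:
    """The enhanced f-function tail: variable P* (the network) followed by fixed P'."""
    return apply_perm(omega(bits, controls), p_prime)


def des_p(bits: Sequence[int]) -> List[int]:
    """The traditional DES P permutation, for comparison."""
    return apply_perm(bits, DES_P0)


def random_controls(seed: int) -> List[int]:
    """Constructed control words for experimentation (a real device would take them from key bits)."""
    rng = random.Random(seed)
    return [rng.randint(0, 1) for _ in range(CONTROLS)]


if __name__ == "__main__":
    p_prime = derive_p_prime()
    sample = random_controls(0)[:N]            # constructed 32-bit S-box output
    print("default cascade equals DES P:", p_star_then_p_prime(sample, [0] * CONTROLS, p_prime) == des_p(sample))
    print("keyed cascade still a bijection:", is_bijection(apply_perm(permutation_of(random_controls(7)), p_prime)))
```

With the perfect-shuffle wiring, five straight-through stages compose to the identity, so the derived P′ coincides with the DES P table itself; the derivation is written generally so that a different default setting or wiring would still produce the compatible P′. An Omega network realises only a subset of the 32! permutations (at most 2^80 settings, many of them equivalent), which is why the description also offers the Benes-Waksman network for the full set.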
Additionally, a network referred to as the Benes-Waksman network, which is realizable with beta elements for all of the 32! permutations, can also be used in the present invention as an alternative arrangement for the permutation network. The Benes-Waksman network differs from the Omega network in the sense that every stage is not identical in its connection to every other stage. However, it is also understandably more complex than the Omega network considered above.
It is anticipated that for whatever scheme is selected that the means to implement a scheme will be using the control means 200 and input means 204 and storage means 206 with an output means 202 for testing and verification of schemes. These are shown in
Referring primarily to
The present invention anticipates the efficient implementation of these features by the presence of a control means 200, a storage means 206 and an input means 204, with the control means 200 connected to elements of the cipher system encryption engine 108, the replacement means for P* 210, the generation means for P* 136, the subkey register 142 and the cipher or cryptographic key 134. One example of this scheme in operation for a single user has the input means 204 sending a signal to control means 200 that the current operations should be suspended, but not terminated, after the encryption or decryption of a given number of bits of traffic. At the completion of the current operation on that amount of traffic the control means 200 stops the current cipher operation and determines the contents of registers and internal states of the cryptographic key 134, the 64-bit DES key 166, the cipher device encryption engine 108, the replacement means for P* 210, the generation means for P* 136 and the subkey for generating P* 142. All information necessary to restore the cipher system to its current state and to sequentially continue operations at some later time is then stored, with an identification of the user, in the storage means 206 for later retrieval and continuation of the cipher operations.
A similar process to that described above can be used to suspend cipher operations for one user's traffic and start or continue cipher operations for another user. In this way a single cipher device, or a small number of them, can efficiently service a much larger population of users by quickly determining and storing the cipher system state for one user, then rapidly extracting the appropriate data from the storage means 206 and loading it into the system elements so that the cipher system can restart and continue operations with another user.
Similarly, a single cipher device with the store and restore features described above could service a single user who requires a plurality of different but simultaneous cipher operations, or who needs to communicate simultaneously with a plurality of other users using different cipher keys.
Although a specific form of the present invention has been described above and illustrated in the accompanying drawings in order to be more clearly understood, the above description is made by way of example and not as a limitation to the scope of the present invention. It is believed that various modifications apparent to one of ordinary skill in the art could be made without departing from the scope of the present invention which is to be determined by the following claims.
Claims (17)
Priority Applications (2)
Application Number  Priority Date  Filing Date  Title 

US19857500P true  20000420  20000420  
US09/838,123 US7092525B2 (en)  20000420  20010420  Cryptographic system with enhanced encryption function and cipher key for data encryption standard 
Applications Claiming Priority (1)
Application Number  Priority Date  Filing Date  Title 

US09/838,123 US7092525B2 (en)  20000420  20010420  Cryptographic system with enhanced encryption function and cipher key for data encryption standard 
Publications (2)
Publication Number  Publication Date 

US20020051534A1 US20020051534A1 (en)  20020502 
US7092525B2 true US7092525B2 (en)  20060815 
Family
ID=22733951
Family Applications (1)
Application Number  Title  Priority Date  Filing Date 

US09/838,123 Expired - Fee Related US7092525B2 (en)  20000420  20010420  Cryptographic system with enhanced encryption function and cipher key for data encryption standard 
Country Status (3)
Country  Link 

US (1)  US7092525B2 (en) 
EP (1)  EP1281254A4 (en) 
WO (1)  WO2001082524A1 (en) 
Cited By (7)
Publication number  Priority date  Publication date  Assignee  Title 

US20040146158A1 (en) *  20030124  20040729  Samsung Electronics Co., Ltd.  Cryptographic systems and methods supporting multiple modes 
US20060013387A1 (en) *  20040714  20060119  Ruei-Shiang Suen  Method and system for implementing KASUMI algorithm for accelerating cryptography in GSM/GPRS/EDGE compliant handsets 
US20070121943A1 (en) *  20040318  20070531  Stmicroelectronics Limited  Data obfuscation 
US20070253549A1 (en) *  20060418  20071101  Ufuk Celikkan  Encryption apparatus and method for providing an encrypted file system 
US7587614B1 (en) *  20050830  20090908  Altera Corporation  Encryption algorithm optimized for FPGAs 
US7827408B1 (en) *  20070710  20101102  The United States Of America As Represented By The Director Of The National Security Agency  Device for and method of authenticated cryptography 
US9960909B2 (en)  20141208  20180501  Open-Silicon Inc.  High speed and low power hashing system and method 
Families Citing this family (27)
Publication number  Priority date  Publication date  Assignee  Title 

US7106860B1 (en) *  20010206  20060912  Conexant, Inc.  System and method for executing Advanced Encryption Standard (AES) algorithm 
US6937727B2 (en) *  20010608  20050830  Corrent Corporation  Circuit and method for implementing the advanced encryption standard block cipher algorithm in a system having a plurality of channels 
US7103180B1 (en) *  20011025  20060905  Hewlett-Packard Development Company, L.P.  Method of implementing the data encryption standard with reduced computation 
DE10200351A1 (en) *  20020108  20030717  Hoetker Andreas  Data security algorithm uses 64 bit processing for 28 bit words. 
US7215768B2 (en) *  20020625  20070508  Intel Corporation  Shared new data and swap signal for an encryption core 
JP2004361986A (en) *  20030408  20041224  Sharp Corp  Scrambler circuit 
US7577250B2 (en)  20040812  20090818  Cmla, Llc  Key derivation functions to enhance security 
US7564970B2 (en)  20040812  20090721  Cmla, Llc  Exponential data transform to enhance security 
US8077861B2 (en) *  20040812  20111213  Cmla, Llc  Permutation data transform to enhance security 
US8005209B2 (en) *  20050106  20110823  Polytechnic University  Invariance based concurrent error detection for the advanced encryption standard 
CN101484901B (en) *  20060228  20140917  塞尔蒂卡姆公司  System and method for controlling productive process 
US20070245413A1 (en) *  20050705  20071018  Viasat, Inc.  Trusted Cryptographic Switch 
US7581117B1 (en)  20050719  20090825  Actel Corporation  Method for secure delivery of configuration data for a programmable logic device 
DE602006020010D1 (en) *  20051219  20110324  St Microelectronics Sa  Protection of the execution of a DES algorithm 
FR2897451A1 (en) *  20060213  20070817  France Telecom  Cryptographic device and method for generating pseudoaletorial numbers 
JP5050454B2 (en) *  20060901  20121017  ソニー株式会社  Cryptographic processing apparatus, cryptographic processing method, and computer program 
US8566695B2 (en) *  20070330  20131022  Sandisk Technologies Inc.  Controlling access to digital content 
US8958550B2 (en) *  20110913  20150217  Combined Conditional Access Development & Support. LLC (CCAD)  Encryption operation with real data rounds, dummy data rounds, and delay periods 
JP5612007B2 (en) *  20120315  20141022  株式会社東芝  Encryption key generator 
US20130315387A1 (en) *  20120525  20131128  YiLi Huang  Encryption method characterized by three dimensional computation, feedback control, and dynamic transition box 
US9665483B2 (en) *  20130930  20170530  Alcatel Lucent  Method and apparatus for bit-interleaving 
US20150222421A1 (en) *  20140203  20150806  Qualcomm Incorporated  Countermeasures against side-channel attacks on cryptographic algorithms 
US9515818B2 (en) *  20140916  20161206  Apple Inc.  Multi-block cryptographic operation 
RU2598781C1 (en) *  20150731  20160927  Открытое Акционерное Общество "Информационные Технологии И Коммуникационные Системы"  Method of linear conversion (versions) 
NL2015599B1 (en) *  20151012  20170502  Koninklijke Philips Nv  A cryptographic device and an encoding device. 
WO2018066951A1 (en) *  20161009  20180412  Lg Electronics Inc.  Improved lightweight block cipher 
CN106788974B (en) *  20161222  20200428  深圳国微技术有限公司  Mask S box, grouping key calculation unit, device and corresponding construction method 
Citations (12)
Publication number  Priority date  Publication date  Assignee  Title 

US3798359A (en)  19710630  19740319  Ibm  Block cipher cryptographic system 
US3798360A (en) *  19710630  19740319  Ibm  Step code ciphering system 
US3958081A (en)  19750224  19760518  International Business Machines Corporation  Block cipher system for data security 
US4319079A (en) *  19790913  19820309  Best Robert M  Crypto microprocessor using block cipher 
US5003596A (en) *  19890817  19910326  Cryptech, Inc.  Method of cryptographically transforming electronic digital data from one form to another 
US5003597A (en) *  19891221  19910326  Xerox Corporation  Method and apparatus for data encryption 
US5008935A (en) *  19890630  19910416  At&T Bell Laboratories  Efficient method for encrypting superblocks of data 
US5623549A (en) *  19950130  19970422  Ritter; Terry F.  Cipher mechanisms with fencing and balanced block mixing 
US5687237A (en) *  19951113  19971111  Pitney Bowes Inc.  Encryption key management system for an integrated circuit 
US5745577A (en) *  19960725  19980428  Northern Telecom Limited  Symmetric cryptographic system for data encryption 
US6272221B1 (en) *  19970807  20010807  Nec Corporation  Encryption apparatus and computor-readable recording medium containing program for realizing the same 
US6952478B2 (en) *  20000505  20051004  Teleputers, Llc  Method and system for performing permutations using permutation instructions based on modified omega and flip stages 
Family Cites Families (1)
Publication number  Priority date  Publication date  Assignee  Title 

US3789360A (en) *  19721013  19740129  Harris Intertype Corp  Convolutional decoder 

2001
 20010420 WO PCT/US2001/011726 patent/WO2001082524A1/en not_active Application Discontinuation
 20010420 EP EP01932529A patent/EP1281254A4/en not_active Withdrawn
 20010420 US US09/838,123 patent/US7092525B2/en not_active Expired - Fee Related
NonPatent Citations (2)
Title 

K. Wong, A Single-Chip FPGA Implementation of the Data Encryption Standard (DES) Algorithm, 1998, IEEE, retrieved date Feb. 2, 2005. * 
Michael Portz, On the Use of Interconnection Networks in Cryptography, 1991, Advances in Cryptology - EUROCRYPT '91, © Springer-Verlag Heidelberg 1991; retrieved date Feb. 2, 2005 http://springerlink.metapress.com/media/G2E72BWGVQCTRP64QWTM/Contributions/F/Q/H/C/F. * 
Cited By (12)
Publication number  Priority date  Publication date  Assignee  Title 

US20040146158A1 (en) *  20030124  20040729  Samsung Electronics Co., Ltd.  Cryptographic systems and methods supporting multiple modes 
US7336783B2 (en) *  20030124  20080226  Samsung Electronics, C., Ltd.  Cryptographic systems and methods supporting multiple modes 
US20070121943A1 (en) *  20040318  20070531  Stmicroelectronics Limited  Data obfuscation 
US8588406B2 (en) *  20040318  20131119  Stmicroelectronics Limited  Data obfuscation 
US20060013387A1 (en) *  20040714  20060119  Ruei-Shiang Suen  Method and system for implementing KASUMI algorithm for accelerating cryptography in GSM/GPRS/EDGE compliant handsets 
US7587614B1 (en) *  20050830  20090908  Altera Corporation  Encryption algorithm optimized for FPGAs 
US20070253549A1 (en) *  20060418  20071101  Ufuk Celikkan  Encryption apparatus and method for providing an encrypted file system 
US7428306B2 (en) *  20060418  20080923  International Business Machines Corporation  Encryption apparatus and method for providing an encrypted file system 
US20080310624A1 (en) *  20060418  20081218  International Business Machines Corporation  Encryption Apparatus and Method for Providing an Encrypted File System 
US8107621B2 (en)  20060418  20120131  International Business Machines Corporation  Encrypted file system mechanisms 
US7827408B1 (en) *  20070710  20101102  The United States Of America As Represented By The Director Of The National Security Agency  Device for and method of authenticated cryptography 
US9960909B2 (en)  20141208  20180501  Open-Silicon Inc.  High speed and low power hashing system and method 
Also Published As
Publication number  Publication date 

WO2001082524A1 (en)  20011101 
EP1281254A1 (en)  20030205 
EP1281254A4 (en)  20030604 
US20020051534A1 (en)  20020502 
Similar Documents
Publication  Publication Date  Title 

Bogdanov et al.  ALE: AES-based lightweight authenticated encryption  
Sarkar  A simple and generic construction of authenticated encryption with associated data  
Halevi et al.  A tweakable enciphering mode  
Biham et al.  The rectangle attack—rectangling the Serpent  
Rijmen et al.  The cipher SHARK  
US8625794B2 (en)  White-box cryptographic system with configurable key using intermediate data modification  
AU2003213312B2 (en)  Block cipher apparatus using auxiliary transformation  
US5511123A (en)  Symmetric cryptographic system for data encryption  
US7110545B2 (en)  Method and apparatus for symmetric-key encryption  
US7295671B2 (en)  Advanced encryption standard (AES) hardware cryptographic engine  
EP0725511B1 (en)  Method for data encryption/decryption using cipher block chaining (CBC) and message authentication codes (MAC)  
Delfs et al.  Introduction to cryptography  
Gligor et al.  Fast encryption and authentication: XCBC encryption and XECB authentication modes  
US7949129B2 (en)  Method and apparatus for facilitating efficient authenticated encryption  
US8127130B2 (en)  Method and system for securing data utilizing reconfigurable logic  
US7319751B2 (en)  Data encryption  
US7397916B2 (en)  System and method for protecting computer software from a white box attack  
US7827223B2 (en)  Accelerated throughput synchronized word stream cipher, message authenticator and zero-knowledge output random number generator  
Biham  New types of cryptanalytic attacks using related keys  
DE602005002632T2 (en)  Key masking for cryptographic processes using a combination of random mask values  
US5835599A (en)  Multi-cycle non-parallel data encryption engine  
DE69931606T2 (en)  Data transmitter and recording medium for recording a program for data transformation  
US6295606B1 (en)  Method and apparatus for preventing information leakage attacks on a microelectronic assembly  
EP0839418B1 (en)  Cryptographic method and apparatus for nonlinearly merging a data block and a key  
Nandi et al.  Theory and applications of cellular automata in cryptography 
Legal Events
Date  Code  Title  Description 

AS  Assignment 
Owner name: INFORMATION SECURITY INCORPORATED, MARYLAND Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:HERSHEY, JOHN E.;MATCHETT, NOEL D.;REEL/FRAME:020808/0559;SIGNING DATES FROM 20080114 TO 20080226 

FPAY  Fee payment 
Year of fee payment: 4 

FPAY  Fee payment 
Year of fee payment: 8 

FEPP  Fee payment procedure 
Free format text: MAINTENANCE FEE REMINDER MAILED (ORIGINAL EVENT CODE: REM.) 

LAPS  Lapse for failure to pay maintenance fees 
Free format text: PATENT EXPIRED FOR FAILURE TO PAY MAINTENANCE FEES (ORIGINAL EVENT CODE: EXP.); ENTITY STATUS OF PATENT OWNER: SMALL ENTITY 

STCH  Information on status: patent discontinuation 
Free format text: PATENT EXPIRED DUE TO NONPAYMENT OF MAINTENANCE FEES UNDER 37 CFR 1.362 

FP  Expired due to failure to pay maintenance fee 
Effective date: 20180815 